Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-30 | CVE-2018-20488 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | 4.3 |
| 2019-12-26 | CVE-2018-20492 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | 5.3 |
| 2019-12-20 | CVE-2019-15584 | Resource Exhaustion vulnerability in Gitlab A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | 6.5 |
| 2019-12-18 | CVE-2019-5487 | Unspecified vulnerability in Gitlab An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. | 5.3 |
| 2019-12-18 | CVE-2019-5469 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets. | 6.5 |
| 2019-12-18 | CVE-2019-15591 | Unspecified vulnerability in Gitlab An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled. | 6.5 |
| 2019-12-18 | CVE-2019-15580 | Information Exposure vulnerability in Gitlab An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. | 6.5 |
| 2019-12-18 | CVE-2019-15577 | Improper Restriction of Excessive Authentication Attempts vulnerability in Gitlab An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. | 4.3 |
| 2019-11-26 | CVE-2019-18456 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. | 5.3 |
| 2019-11-26 | CVE-2019-18454 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. | 6.1 |